CVE-2022-4329

Name of the Vulnerable Software and Affected Versions The Product list Widget for Woocommerce WordPress plugin through 1.0

Description The issue is related to a Reflected Cross-Site Scripting that could be used against both unauthenticated and authenticated users, including high-privilege ones like admin. This occurs because a parameter is not properly sanitised and escaped before being outputted back in the page.

Recommendations For The Product list Widget for Woocommerce WordPress plugin through 1.0, update to a version that properly sanitises and escapes parameters to prevent Reflected Cross-Site Scripting. As a temporary workaround, consider restricting access to the plugin's functionality to minimise the risk of exploitation.